JSM bypass via ReflectionHelper (#722) · Issues · Administrator / ticket

JSM bypass via ReflectionHelper

Created by: armorcodegithubapp[bot]

Component Details

Exploit Maturity: no-known-exploit
Vulnerable Package: -
Current Version: -
Vulnerable Version(s): >[4.1.0.Beta1, 4.3.2.Final),[5.0.0.Final,5.1.2.Final)
Vulnerable Path: >null>

Overview

org.hibernate:hibernate-validator is a Hibernate Validator Engine Relocation Artifact.

Affected versions of this package are vulnerable to JSM bypass via ReflectionHelper. ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.

References

GitHub Commit
GitHub Commit
GitHub Commit
GitHub Commit
GitHub Commit
GitHub Commit
GitHub Commit
GitHub Commit
Jira Issue
Redhat Bugzilla

Snyk Project Status: Active

Mitigation: ## Remediation Upgrade org.hibernate:hibernate-validator to version 4.3.2.Final, 5.1.2.Final or higher.

https://app.armorcode.com/#/findings/70919727